‘Smart’ Jammer for Mobile Phone Systems

Sami Azzam, Ahmad Hijazi, Ali Mahmoudy
Electrical and Computer Engineering Department, Faculty of Engineering and Architecture
American University of Beirut
Beirut, Lebanon

Abstract— The last few years have witnessed a dramatic boom in the wireless communications industry, hence increasing the number of users of mobile communication devices. This magnified the need for a more efficient and reliable signal scrambler.
This paper discusses two alternative methods for jammer design and implementation, and aims to present a solution for the problems of durability and cost related to the issue of high power consumption present in jammer designs.

1. Introduction

A mobile jammer is a transmitter used to broadcast electromagnetic signals capable of blocking frequencies used by cellular/PCS systems. When active in a certain area, the mobile jammer will prevent any cellular/PCS system from communicating with the base station, thereby prohibiting all incoming and outgoing calls.

Mobile jammers have become a necessity for accomplishing a more cultured society because there is a growing demand for controlling the use of cellular phones in public places such as religious places, theaters, libraries, and others [1].

The ‘smart jammer’ focuses on cost, durability, and health issues. The max2364 chip was used as the cellular transmitter, thus reducing the overall cost of the jammer system; moreover, having an average output power lower than that of commercially available designs enhances system durability. This decrease in total output power adheres to the recommendations by many medical societies (such as the San Francisco Medical Society (SFMS)) and other authorities (such as the Australian Communication Authority (ACA)) regarding the reduction of electromagnetic radiation in the environment [1],[2].

2. Jammer/Disabler Technology

Five types of devices are known to have been developed (or being considered for development) for preventing mobile phones’ communications in certain specified locations [1]:

A. Type ‘A’ Devices: ‘jammers’. This type contains several independent oscillators transmitting ‘jamming signals’ that block frequencies used by mobile communication devices for call establishment.

B. Type ‘B’ Devices: ‘intelligent cellular disablers’. The device normally works as a detector. When it detects signaling from the base station to the mobile station, it signals the base station not to establish communication. This process of detection and interruption of call establishment is done during the interval normally reserved for signaling and handshaking.

C. Type ‘C’ Devices: ‘intelligent beacon disablers’. These devices act as ‘beacons’, i.e. they instruct any mobile device within their area of coverage to disable its ringer or disable its operation. The problem is that these types of devices require intelligent handsets.

D. Type ‘D’ Devices: ‘Direct Receive and Transmit Jammers’. They behave as a small independent base station. The jammer is predominantly in receive mode and will intelligently choose to interact and block the cell phone directly if it is within close proximity of the jammer.

E. Type “E” Devices: ‘EMI Shield - Passive Jamming’. This technique uses ElectroMagnetic Interference (EMI) suppression techniques to construct what is called a Faraday cage. The Faraday cage essentially blocks, or greatly attenuates, virtually all electromagnetic radiation from entering or leaving the cage. With current advances in EMI shielding techniques and commercially available products, one could conceivably implement this into the architecture of newly designed buildings for so-called “quiet-conference” rooms.

3. Selective Frequency Jamming

A. Description

A ‘smart’ jamming approach would be to disturb the control process and thus prevent the establishment of a speech channel. This can be achieved by transmitting noise at the same frequency as the signal performing the control process.

This method consists of detecting the frequency of the control process using the radio frequency signal analyzer PXI 5660. The latter interfaces with a computer, providing it with a data file in which all detected frequencies and their corresponding power levels are recorded. The frequency detection process consists of selecting the frequencies with a power level greater than 33.01 dBm [3].

As a second step, after determining the frequency of the channel reserved for the control process, the system transmits noise at the detected frequency. Below is a block diagram representing the first approach:

Fig. 1: Block diagram representing selective jamming

B. Limitations

Although this alternative ensures accurate jamming of the channel initiating a conversation, it wasn’t implemented due to the huge difference between the time needed to ensure successful frequency blocking and the achievable time.

The average read time in available hard drives is 8.9 ms and the average write time is 10.9 ms, so the total time needed for analysis and detection of the frequency is more than 20 ms. On the other hand, the time of one time slot (corresponding to one frequency hop) according to the GSM standard is 0.577 ms.

Note that this alternative could be implemented either if technologies yield faster hard drives (more than 200,000 RPM speed technologies) or if another method is implemented where the frequency detector directly delivers the frequency to the jammer transmitter.

4. Suggested ‘Smart’ Jammer Design

C. Overview

As a last step in our research for an acceptable design, we decided to drop the selective frequency option and focused our attention on the power compensation issue of the mobile jammer. In this last design, we decided to broadcast a single low-bandwidth signal with a varying carrier that covers the whole uplink/downlink bandwidth while restricting the jammer operation time.

D. Description

The improved jamming procedure is described as follows:
1. Construct a table indicating power levels at all channels of the GSM spectrum.
2. Detect an increase in the power level indicating control signal exchange between the mobile station and the base station, indicating an imminent phone call or a location update.
3. Inform (trigger) the jammer circuit to begin operation.
4. Synthesize a noise signal with a limited bandwidth, thus covering only a portion of the downlink/uplink.
5. Send the noise signal at a GSM frequency.
6. Move the carrier through the whole uplink/downlink at a rate high enough to ensure that frequency hopping doesn’t allow the station to continue its signal exchange with the base station.
7. Stop operation when the time of operation exceeds a certain predefined value.

E. Implementation

a) The receiver subsystem

A receiver (possibly the NI PXI-5660 RF signal analyzer) is utilized for monitoring the GSM band in order to detect an increase of the power levels above 33 dBm, and then cause the sending of a control signal. The latter will be used either for turning on the whole transmitter circuit (mainly the max2364 IC), or for triggering an oscillator to generate the signal to be sent.

b) The max2364

The circuit design depends mainly on the max2364, which is a dual-band quadrature transmitter built by Maxim Company to function in cellular handsets. The output RF frequency is a function of the frequency supplied by a local oscillator. It is given by the relation: RF = fREF × where fREF is the frequency of the oscillator, RFM is the radio frequency main divider, and RFR is the radio frequency reference divider; these two values are stored in local registers inside the chip.

c) Covering uplink/downlink

The noise signal with a low bandwidth is supplied to the IC, and for covering the whole range one of two options may be considered:
a. Supplying a constant fREF for the max2364 from a simple oscillator system, while continuously changing the contents of the RFM and RFR registers through a 3-wire control.
b. Keeping the values of the previously mentioned registers fixed, and supplying a continuously varying fREF through a circuit containing a voltage controlled oscillator (VCO) with a varactor, whose input voltage is a time-varying periodic signal which increases/decreases in a manner such that the corresponding values of RF traverse the whole uplink/downlink range.

d) Stopping Transmission

In order to ensure minimum power consumption and dissipation, while maintaining full efficiency of the scrambling system, the transmitter operation may be stopped after making sure that no speech channel establishment was possible.

5. Simulation

A Matlab/Simulink simulation to show the generation of fREF was carried out to illustrate the behavior of the oscillating generated signal. The block diagram modeling the oscillator is shown next:

Figure 1: Block diagram of the varying frequency oscillator

where:
• The repeating sequence block represents the periodic input signal to the VCO (more specifically, the varying voltage at the pins of the variable capacitor). In the simulation it is considered to be a triangular signal, but any periodic signal would lead to the same results. The signal was given a triangular variation from 0 → 5 V and a period of 0.2885 msec¹.
• The VCO represents the oscillator formed by the varactor and an inductor. The range to be traversed by fREF is 285.9 kHz, which corresponds to a 5 V variation in the input signal and thus a sensitivity of 57.11 kHz/volt. A discrete-time VCO was used to allow the use of the fast Fourier transform to analyze the signal.
• The last part is the buffer and the FFT, which help construct the frequency domain representation of the output signal achieved.

¹ This value was calculated based on channel allocation time and frequency hopping.

Results

On running the simulation and observing the output of the scope, a signal whose carrier repeatedly moves from 10.6927 to 10.9786 MHz is observed (in fact, this is an FM signal with a varying carrier frequency).

The output of this circuit is the input to pin #36 of the IC, and we can see that the result is a signal at frequency RF which moves over the range of 935 → 960 MHz, thus covering the whole downlink.

Figure 2: Spectrum of the output signal

The circuit, which uses a Colpitts oscillator and outputs a varying-frequency oscillating signal, was constructed and simulated using the Electronic Workbench:

Figure 3: Varying frequency oscillator

C6 is varied from 2 to 2.20891 pF to ensure the required frequency variation.

The circuit to control the operation time of the jammer using a 555 timer:

Figure 4: Operation time controller of the jammer

The jammer has the following schematic:

Figure 5: GSM Jammer

where the circuits of figures 3 and 4 are connected to pins 36 and 27 respectively.

6. Conclusion

The increased need for mobile scramblers makes it vital that they integrate more features and provide more control over the whole process. This paper discusses mobile jamming technology and introduces suggested improvements on existing designs. It presents possible approaches for a more intelligent design. The first approach (Selective Jamming) was not implemented due to hardware speed limitation, which may be overcome with certain technologies. The proposed design achieves lower power consumption, taking into consideration health and cost issues.

We are very grateful to Professor Karim Kabalan who provided us with helpful feedback. We also thank Mr. Joe Samaha for his technical support. Special appreciation goes to Elias Nahra and Najwa Hamzeh for helping us in getting the required circuit components.

References

[1] Mobile & Personal Communications Committee of the Radio Advisory Board of Canada, “Use of jammer and disabler Devices for blocking PCS, Cellular & Related Services” available at:
[2] Sage, C., “Microwave and Radio Frequency Exposure: A Growing Environmental Health Crisis” available at:
[3] Mouly M. and Pautet M.B., “The GSM System for Mobile Communications”.
[4] Webtronics Website:

